Techniques to pollute electronic profiling

ABSTRACT

Techniques to pollute electronic profiling are provided. A cloned identity is created for a principal. Areas of interest are assigned to the cloned identity, where a number of the areas of interest are divergent from true interests of the principal. One or more actions are automatically processed in response to the assigned areas of interest. The actions appear to network eavesdroppers to be associated with the principal and not with the cloned identity.

FIELD

The invention relates generally to electronic privacy and moreparticularly to techniques to pollute electronic profiling.

BACKGROUND

A significant concern with electronic commerce and with theproliferation of electronic transactions is that of privacy.Individuals, particularly American citizens, have always been suspect ofthe motivations and actions of their government and “Big Business.” Thisskepticism has given rise to a variety of privacy laws and rightsenjoyed by American citizens, which remains the envy of much of the restof the world. As electronic commerce has grown by leaps and bounds inrecent years, users have now become increasingly concerned withconfidential information that is being gathered and collected aboutthem. The information is being collected by lawful and unlawfulenterprises and the information gathering is not exclusively limited togovernments.

In some cases, the electronic information being gathered is used forillegal purposes, such as electronic identity theft. In other cases, theinformation is gathered for lawful purposes but is extremely annoying tousers, such as when targeted and aggressive marketing tactics are used.Users are growing uncomfortable with the amount of information marketerspossess today about them and many feel it is an invasion of theirprivacy even if the marketing is currently considered to be lawful.Moreover, even legitimate and lawful enterprises that collectconfidential information about a user runs the risk of having anintruder penetrate their databases and acquiring the information forsubsequent unlawful purposes.

Concerns about the government and its knowledge about its citizenry isoften referred to in a derogatory sense as actions of “Big Brother” whois omnipresent and gathering information to use to its advantage whenneeded. The electronic age has given rise to what is now known asthousands of “Little Brothers,” who perform Internet surveillance bycollecting information to form electronic profiles about a user notthrough human eyes or through the lens of a camera but through datacollection. This form of Internet surveillance via data collection isoften referred to as “dataveillance.” In a sense, thousands of “LittleBrothers” or automated programs can monitor virtually every action ofusers over the Internet. The data about a user can be accumulated andcombined with other data about the user to form electronic profiles ofthe users.

Even famous authors have foreseen and speculated about the problemsassociated with invading privacy. Consider Orwell who gave rise to theconcept of an Orwellian society from the Big Brother of his novel, 1984.In that novel, Big Brother is the government, which has managed toinvade privacy to the point where every dwelling was equipped with a“tele-screen” which, while providing entertainment and informationaccess to the user, also allowed Big Brother to observe visually andaudibly the occupants of the dwellings. Of course, Big Brother knew thatthe observed behavior of the dwelling occupants was not strictly the“true persona” of those being observed, but rather was what the “truepersona” Big Brother wanted to observe. This, however, was immaterial toBig Brother because Big Brother knew that if it could foster a set ofbehavior that was consistently portrayed over a given period of time,then the “true persona” would begin to morph into another person thatwas, at its core, what the behaviors were designed to foster. Thus, BigBrother was also known as the “Thought Police,” which was verysuccessful at conditioning the masses and eliminating thenon-conformists.

In fact, users are becoming so concerned about dataveillance that abooming industry has arisen that attempts to thwart the data collection.Some examples include “anonymizers” and “spyware killers.” Anonymizersattempt to make transactions anonymous, such as by using a fictitioususer name for a given transaction. Spyware Killers detect programs thatself-install on a user's device and monitor Internet actions of thatuser and then report the monitoring information back to a marketer orother entity.

Even without anonymizers and spyware killers, users may still attempt asbest they can to deter data collection by taking manually initiatedevasive actions. For example, a user may turn off cookies within thebrowser, may refuse to register for a service that requests an emailaddress or other confidential information, or may refuse to perform atransaction at all when the user is suspect of that transaction.

Yet even if all available techniques are adopted and taken by a user,information about the user is likely to still be successfully collectedif the user engages in electronic commerce over the Internet, engages ininformation gathering over the Internet, or engages in downloading andinstalling services over the Internet. In a sense if the user engages inany Internet activity, information may be successfully collected aboutthat user. Thus, even the most cautious Internet users are still beingprofiled over the Internet via dataveillance techniques from automatedLitter Brothers.

SUMMARY

In various embodiments, techniques for polluting electronic profilingare presented. More specifically, and in an embodiment, a method forprocessing a cloned identity over a network is provided. An identityassociated with a principal is cloned to form a cloned identity. Areasof interest are assigned to the cloned identity and actions areautomatically processed over a network, where the actions are associatedwith the areas of interest for the cloned identity. The actions areprocessed in order to pollute information gathered about the principalfrom eavesdroppers monitoring the network. The actions appear to theeavesdroppers to be associated with the principal.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of a method for processing a cloned identity over anetwork, according to an example embodiment.

FIG. 2 is a diagram of another method for processing a cloned identityover a network, according to an example embodiment.

FIG. 3 is a diagram of a cloned identity system, according to an exampleembodiment.

FIG. 4 is a diagram of a data structure implemented in amachine-accessible medium representing a cloned identity, according toan example embodiment.

DETAILED DESCRIPTION

A “resource” includes a user, service, system, device, directory, datastore, user, groups of users, combinations of these things, etc. A“principal” is a specific type of resource, such as an automated serviceor user that acquires an identity. A designation as to what is aresource and what is a principal can change depending upon the contextof any given network transaction. Thus, if one resource attempts toaccess another resource, the actor of the transaction may be viewed as aprincipal.

An “identity” is something that is formulated from a one or moreidentifiers and secrets that provide a statement of roles and/orpermissions that the identity has in relation to resources. An“identifier” is information, which may be private and permits anidentity to be formed, and some portions of an identifier may be publicinformation, such as a user identifier, name, etc. Some examples ofidentifiers include social security number (SSN), user identifier andpassword pair, account number, retina scan, fingerprint, face scan, etc.As more and more identifiers are accumulated, a confidence in aparticular identity grows stronger and stronger.

A “clone” is another identity that is associated with a principal andappears to be the principal to others that interact or monitor the cloneover the network. A clone is processed by an automated agent or serviceover the network, such as the Internet, and performs actionsrepresenting network transactions. The actions processed are driven byareas of interest assigned to the clone. A majority of these areas ofinterest are intentionally defined to be divergent from the principal towhom the clone is associated. Any network eavesdroppers, which areperforming dataveillance on a principal, are polluted by thetransactions that are in fact divergent from the true principal's areasof interest. In this manner, data collection is not prevented; rather,it is intentionally polluted so as to make any data collection about aprincipal less valuable and less reliable.

The principal of a clone may be viewed as a “true persona” (TP) and theclone may be viewed as a “doppelganger” or “dead ringer clone” thatexhibits the behavior of the TP. This allows the TP to continue itsexistence over a network, such as the Internet, in secret.

In some embodiments, the areas of interest for a principal and a cloneare constructed as semantic aspects and represented in a formal manner.Examples of such techniques include U.S. Ser. No. 09/615,726, entitled“A Method and Mechanism for the Creation, Maintenance and Comparison ofSemantic Abstracts,” filed on Jul. 13, 2000; U.S. Ser. No. 09/512,963,entitled “Construction, Manipulation, and Comparison of aMulti-Dimensional Semantic Space,” filed on Feb. 25, 2000; U.S. Ser. No.09/691,629, entitled “Method and Mechanism for Superpositioning StateVectors in a Semantic Abstract, filed on Oct. 18, 2000; and U.S. Pat.No. 6,108,619, entitled “Method and Apparatus for SemanticCharacterization of General Content Streams and Repositories,” issued onAug. 22, 2000.. The disclosures of which are incorporated by referenceherein.

Various embodiments of this invention can be implemented in existingnetwork architectures. For example, in some embodiments, the techniquespresented herein are implemented in whole or in part in the Novell®network and proxy server products, distributed by Novell®, Inc., ofProvo, Utah.

Of course, the embodiments of the invention can be implemented in avariety of architectural platforms, operating and server systems, orapplications. Any particular architectural layout or implementationpresented herein is provided for purposes of illustration andcomprehension only and is not intended to limit aspects of theinvention.

FIG. 1 is a diagram of a method 100 for processing a cloned identityover a network, according to an example embodiment. The method 100(hereinafter “cloning service”) is implemented in a machine-accessibleand readable medium. The cloning service is operational over andprocesses within a network. The network may be wired, wireless, or acombination of wired and wireless. In an embodiment, the cloning serviceacts as an automated agent that uses policies and other metadata toperform the processing depicted in FIG. 1 and described herein andbelow.

Initially, at 110, a principal's identity is cloned to form or create acloned identity. That is, identifiers used to authenticate the principalare provided to the cloning service for purposes of posing as theprincipal. The cloning service acts as if it is the principal andperforms automated processing over a network. The processing reflectstransactions or actions over the network According to an embodiment, thenetwork is the Internet and the actions processing reflects automatedactivities processed within a World-Wide Web (WWW) browser controlled bythe cloning service, which masquerades as the principal.

In an embodiment, at 111, the cloned identity may have feignedconfidential information assigned or associated with the clonedidentity. This may include life statistics, such as data of birth,birthday club, gender, income level, marital status, number and ages ofchildren, hair color, etc. This information may actually substantiallycorrespond to the life statistics of the principal so as to strengthenthe likelihood that the cloned identity will be accepted byeavesdroppers as the principal.

In more embodiments, at 112, the cloned identity may also be assigned anemail account of its own for its own use; a funding source, such as acredit card or debit card; a phone number with a voice mail; or even apostal account, such as a Post Office (P.O.) box. This information andcapabilities provided to the cloned identity and accessible to thecloning service further enhances the believability and apparentlegitimacy of the cloned identity as being the principal.

At 120, the cloning service is initially configured by being assignedareas of interest for use with the cloned identity. The areas ofinterest are semantic areas, categories, or subjects that are related totransactions or actions over the network. For example, an area ofinterest may be photography or even more specifically photography ofnature, such as mountains, sunsets, etc.

According to an embodiment, the areas of interest are represented in aformal manner within a data structure that is parsed and processed bythe cloning service. The data structure may include identifiers fortopics or areas of interest and may be further linked to lexicons andactions associated with each area of interest. In some cases, the datastructure may be a vector of different areas of interest and may includeweights for each particular area of interest. In fact, any formal mannerfor representing categories, subjects, or actions within a datastructure may be used to depict the semantic areas of interest.

For example, the areas of interest may be represented as semanticabstracts or other data structures that provide for a robust semanticevaluation. Examples techniques for achieving this were supplied aboveand incorporated by reference herein.

In some embodiments, the areas of interest are manually supplied viaseparate interfaces by a principal that seeks to use the cloning servicefor purposes of establishing the clone. The interface may provide, in astructured and controlled manner, screen selections and input mechanismsfor the principal to interactively define and generate the areas ofinterest for the clone.

In other embodiments, the areas of interest may actually beautomatically derived on behalf of the principal given an existingprincipal's profile or desired areas of interests. The profile may bepartially and automatically assembled for the principal by analyzingexisting information about the principal, such as the principalsInternet browser history, browser cache, cookies, etc.

In still other embodiments, the principal's identity may be semanticallyassociated with a particular category, such as an employee, whichpermits the cloning service to acquire policies associated with employeeidentities and to further derive areas of interest for employees of aparticular organization or profession.

According to an embodiment, at 121, a few of the areas of interest mayactually be divergent areas of interest from that of the principal.Furthermore, at 121, some others of the areas of interest may actuallybe consistent with the interests of the principal. By incorporatingconsistent areas of interest with the principal into the clonedidentity, the interests of the principal are feathered into the clonedidentity so that the cloned identity is more believable to eavesdroppersthat are attempting to perform dataveillance on the principal. Thedivergent areas of interest work to pollute the dataveillance as isdescribed more fully below.

At 130, the cloning service automatically processes one or more actionsthat are consistent with the areas of interest associated with thecloned identity. The actions may be any transaction that a principal mayengage in over the network. For example, the cloning service may processan area of interest that is divergent from that of the principal such asan interest in basket weaving. This particular interest may beassociated with its own lexicon and actions associated with particularInternet websites, products, services, and/or books. Actions may bedefined that permit the cloning service to appear to be the principaland visit specific basket weaving websites, issue Internet searchesrelated to basket weaving, and the like. This activity by the cloningservice may be picked up by an eavesdropper and may be used to generatea polluted profile about the principal that suggests the principal isinterested in basket weaving, when in fact this is not the case.

According to an embodiment, at 140, the cloning service may use policiesto identify undesirable interests and/or actions for purposes ofconstraining or preventing certain actions from being processed that areassociated with these undesirable types of interests. In this manner,the cloning service may be configured to perform lawful activities andactivities that are not deemed morally reprehensible even if suchactivities are considered lawful. This ensures that activity of thecloning service is not going to embarrass the principal or potentiallycause the principal legal problems from activities such as downloadingpirated intellectual property, pornography, and the like.

In an embodiment, at 150, the cloning service may also be configured torestrict when and if the cloning service performs any of the actions.This may be done to prevent detection of the cloning service. Forexample, the cloning service may not be active when the principal is onthe network and performing actions or transactions. Similarly, if theprincipal is not likely to be online on the network, then the cloningservice is also configured to not be online. As an example, theprincipal may be scheduled to be on a flight during a certain date andtime; during this period it may not be desirable for the cloning serviceto be active since an eavesdropper may detect this anomaly and maypotentially detect the cloned identity. To ensure that cloning serviceis not operating when it should not be, the principal may manuallyinstruct the cloning service to be down on certain dates and times.Alternatively, the cloning service may automatically detect situationswhere it is not desirable for it to be online. Such as when it detectsthe principal online or for periods when it is unlikely the principalwould be online, such as late at night, during a holiday, vacation, etc.

In some embodiments, at 160, the cloning service may perform a widerange of automated actions consistent with the assigned areas ofinterest. Examples of these actions may include, but are not limited to,performing an Internet search on a given area of interest; activatingselective results that when analyzed conform semantically to the area ofinterest; activating advertisement banners in web pages; filling outelectronic surveys; sending an email; engaging in rudimentary onlinechat discussion by using techniques similar to Eliza (an automated chatengine); activating embedded links within a document that conformssemantically to the area of interest; registering for servicesassociated with the area of interest; purchasing goods or servicesrelated to the area of interest, etc.

According to an embodiment, at 170, the cloning service processes theactions on a different device than the principal's native device. Thisdevice may be close physical proximity to the principal so as to appearto be the principal to more sophisticated eavesdroppers. In some cases,the environments may be different between the cloning service and theprincipal. By separating the processing devices and/or environments ofthe cloning service and the principal, it becomes more difficult foreavesdroppers to detect activities associated with the clone andactivities associated with the principal, and by making the devices orenvironments similar and/or in close proximity the eavesdroppers areless likely to even discover the cloned identity.

It is now understood how a novel cloning service may be implemented tothwart the growing problem of dataveillance. The service does not seekto prevent data gathering; rather, the service uses a cloned identity ofa principal to automatically and actively process actions according toareas of interest over a network so as to appear to eavesdroppers to bethe principal. The actions of the cloning service are in fact designedto pollute the data collected by the eavesdroppers and make electronicprofiles, which are derived about the principal less reliable and lessvaluable to the eavesdroppers.

FIG. 2 is a diagram of another method 200 for processing a clonedidentity over a network, according to an example embodiment. The method200 (hereinafter “cloning agent”) is implemented in a machine-accessibleand readable medium and is operational and accessible over a network.The network may be wired, wireless, or a combination of wired andwireless. The cloning agent represents an alternative view to theprocessing depicted above with the cloning service, described with themethod 100 of the FIG. 1.

Initially, a cloned identity for a principal is established. This may beachieved in any manner where an electronic identity is assigned to theprincipal and assumed by other resources on the network to in fact bethe principal. The cloned identity is exclusively used by the cloningagent for purposes of polluting dataveillance and electronic profilesgenerated by eavesdroppers about the principal.

The cloned identity includes a variety of metadata, such as areas ofinterest, policies, and/or profiles that drive the processing of thecloning agent with respect to posing as the principal over the network.The cloning agent, during its operation is fully automated and does notrequire manual interaction or direction.

At 210, the cloning agent accesses a portion of the metadata associatedwith areas of interest for the cloned identity. Again, the structure ofthe areas of interest may include semantic definitions and other data(e.g., area-specific lexicons, area-specific websites, area-specificservices, area-specific actions, etc.). In some cases the structure ofthe data structure representing the areas of interest may impartpreference, a weight, or even a vector for each of the areas if interestdefined therein.

According to an embodiment, at 211, the cloning agent may also acquiremetadata for the cloned identity associated with fake or partially fakeconfidential information for use when processing a particular area ofinterest. That is, it may be desirable to have some confidentialinformation be legitimate so as to prevent an eavesdropper fromdistinguishing between the clone and the principal, some of thisconfidential information may include a birth date, an age, etc. Whereas,other confidential information may be profitably non-legitimate, such ascredit card number, phone number, etc. The fake or feigned confidentialinformation may be housed in cookies for the cloned identity and usedautomatically by the cloning agent when performing certain actions. Inother cases, the confidential information may be directly supplied bythe cloning agent when performing actions over the network with otherservices.

It is noted that some or perhaps even a majority of the areas ofinterest are intentionally designed to be divergent from legitimate ortrue interests of the principal. However, some others or perhaps even aminority of the areas of interest are in fact consistent with theinterests of the principal. The consistent areas of interest are again amechanism from preventing a savvy eavesdropper from detecting the clonedidentity and distinguishing it from the principal. The divergent areasof interest are designed to pollute dataveillance or electronicprofiling carried out by the eavesdropper against the principal.

It should also be noted that over time an eavesdropper will begin toassociate divergent areas of interest for the clone as being the normfor a particular principal that the eavesdropper believes it isprofiling or performing successful dataveillance on. When this isdetected or suspect, the areas of divergent interests may be increasedfor the clone without fear of detection, because the divergent interestsare now believed by the eavesdropper to be the norm.

At 220, the cloning agent selects a particular area of interest forprocessing. The selected area of interest may be systematically selectedbased on a configuration of the cloning agent, such that areas ofinterest are all equally processed in defined orders or in a serialfashion. Alternatively, at 221, the particular area of interest may berandomly selected for the available areas of interest.

At 230, the cloning agent automatically performs actions over thenetwork (e.g., Internet via the WWW, etc.) posing as the cloned identityand appearing to eavesdroppers to be the principal. Again, a variety ofactions may be automatically processed, such as but not limited to,sending email, reading documents, activating links, registering withservices, making purchases, engaging in on-line chat, taking surveys,issuing searches, and others. The action processed may correspond to adivergent area of interest from that which is associated with theprincipal. Thus, any eavesdroppers performing electronic profiling ordataveillance against the principal will be polluted when that action isdetected and recorded over the network by the eavesdroppers. This canlead to the creation of inconsistent and unreliable profiles that arenot valuable and confusing to the eavesdroppers.

According to an embodiment, at 231, the cloning agent may denyperforming any action that it deems undesirable. Undesirable actions maybe defined by policy and may include illegal activities and/or morallyreprehensible activities, such as but not limited to, downloadingpirated intellectual property, downloading obscene material, gambling,and the like.

In yet another embodiment, at 232, the cloning agent may suspend, halt,or prevent processing any action if the principal is detected to beactive on the network. That is, the cloning agent is configured to notbe active on the network when the principal is active on the network. Inthis manner, eavesdroppers will not be able to distinguish or detect thecloned identity from the principal. This may also be more complex, suchthat the cloning agent is intentionally inactive for periods duringwhich it is unlikely or nearly impossible for the principal to be activeon the network. Still further, the principal may have an interface tomanually shut down the cloning agent when the principal feels it isprofitable to do so to avoid detection.

In an embodiment, at 233, the cloning agent may randomly select a numberof subsequent actions in response to results acquired from theprocessing of the actions. That is, suppose the cloning agent performedan Internet search as an action that conformed to a lexicon of searchterms derived from the selected area of interest. The search returnsresults and the results may be semantically analyzed or scored forrelevance to the selected area of interest. The top tier of results maythen be randomly selected or activated and processed with othersubsequent actions, such as reading the documents, activating hypertextlinks within selected documents, etc. This makes the cloning agentappear to be a legitimate principal and provides depth to the principalmaking it more difficult for any eavesdropper to detect the clonedagent.

At 240, the cloning agent periodically re-processes the method 200 orre-iterates its own processing for different actions over the network.The different actions may conform to the selected area of interest orconform to a different area of interest. The frequency of iteration maybe defined in a profile or configuration for the cloning agent and maybe designed to make the cloning agent appear to be a legitimate and realprincipal to eavesdroppers.

In some embodiments, at 250, the cloning agent may also dynamically andautomatically add new area of interest to the existing areas of interestassociated with the cloned identity. This may occur when the cloningagent is engaging in network activity and related areas of interest aredetected that similar or related to existing areas of interest for thecloned identity. Again, this makes it appear to an eavesdropper that thecloned identity is a real and legitimate principal, whose routines arenot uniform and systematic but appear to be associated with interestsand exhibit human characteristics or behaviors.

The more the cloning agent appears to be a legitimate and an autonomousentity over the network that acts in a consistent manner, the moredifficult it will be for eavesdroppers to detect the subterfuge.Therefore, the cloning agent is designed to exhibit characteristics inmanners expected by users or human network resources. Thecharacteristics are intentionally varied to appear to be non systematicand to take on an autonomous appearance. However, the actions taking aredesigned to pollute electronic profiling or dataveillance associatedwith a principal. Thus, data collection is not prevented; rather, it isencouraged for the cloned identity and intentionally populated withdivergent information that pollutes legitimate information gatheredabout the principal.

FIG. 3 is a diagram of a cloned identity system 300, according to anexample embodiment. The cloned identity system 300 is implemented in amachine-accessible and readable medium and is operational over anetwork. The network may be wired, wireless, or a combination of wiredand wireless. In an embodiment, the cloned identity system 300implements, among other things, the processing of the methods 100 and200 of the FIGS. 1 and 2, respectively.

The cloned identity system 300 includes a clone of a principal 301, oneor more areas of interest 302, and a clone agent 303. In someembodiments, the cloned identity system 300 may also include feignedconfidential information 304 and/or one or more policies 305. Each ofthese will now be discussed in turn.

The clone of the principal 301 (hereinafter “clone 301”) represents anelectronic identity that is associated with the principal. To assume theclone 301, various identifiers and/or authentication techniques may beacquired and established, such that the clone 301 appears toeavesdroppers of the network to in fact be the principal.

The areas of interest 302 represent metadata assembled in one or moredata structures, which define categories or subjects of interest fromthe clone 301. In an embodiment, the areas of interest may be logicallyviewed as semantic abstracts, which summarize a variety of informationfor a variety of areas of interest 302 for the clone 301.

The areas of interest 302 are semantically correct and a few of theareas of interest 302 are typically divergent from the interests of thetrue principal to which the clone 301 is associated. However, some orothers of the areas of interest 302 are in fact consistent with theinterests of the principal so as to feather the clone's identity withthe principal's identity. That is, having some overlap within the areasof interest 302 makes it difficult for an eavesdropper to tell who theclone 301 is and who the principal is. Related information may also beassociated with the areas of interest 302, such as area-specificlexicons, area-specific services, area-specific WWW sites, area-specificactions, etc.

The clone agent 303 is designed to process actions over the networkconsistent with the areas of interest 302 using the identity associatedwith the clone 301. To do this, the clone agent 303 consumes the areasof interest 302 and takes automated actions over the network under theidentity of the clone 301. Examples of processing for a clone agent 303were presented above with respect to the methods 100 and 200 of theFIGS. 1 and 2, respectively.

In an embodiment, the cloned identity system 300 may also includedfeigned confidential information 304. That is, some confidentialinformation 304 associated with the clone 301 may be manufacturedwhereas other confidential is legitimate so as to not blow the cover ofthe clone 301. Some manufactured confidential information may include,but is not limited to, a phone number, an email account, a credit ordebit card account, and the like.

It is to be understood that although the confidential information 304 islabeled as feigned, manufactured, or fake, that it is still legitimatemeaning that it may exist but it will not be used by the principal towhich it purports to belong; rather it is used by the clone 301 and isused for duplicity against eavesdroppers. So, as an example a phonenumber for the clone 301 may include a legitimate number with a voicemail service; but the phone number is fake or feigned in the sense thatit is used by the clone 301 and not the principal.

According to another embodiment, the cloned identity system 300 may alsoinclude one or more policies 305. The policies 305 define processinglimitations and configurations for the clone agent 303. Thus, somepolicies 305 may prevent the clone agent 303 from taking inappropriateactions (e.g., illegal, obscene, or socially undesirable). Otherpolicies 305 may dictate or drive when and if the clone agent 303actually is active over the network. For example, a policy 305 mayprevent the clone agent 303 from being active over the network when theprincipal is active over the network or when it is highly unlikely thatthe principal would be active over the network. This ensures that thecover of the clone 301 is maintained against savvy or sophisticatedeavesdroppers.

FIG. 4 is a diagram of a data structure 400 implemented in amachine-accessible medium representing a cloned identity, according toan example embodiment. The data structure 400 encapsulates data andmetadata related to a cloned identity. The data structure 400 isimplemented within a machine-accessible medium and when processed causesactions and states to change within a machine, in the manners describedherein and below.

According to an embodiment, the data structure 400 is read, populated,updated, and used to drive the processing of the methods 100 and 200 ofthe FIGS. 1 and 2. Moreover in some cases, the data structure 400 isread, populated, updated, and used to drive the processing of the cloneagent 303 of the cloned identity system 300 of the FIG. 3.

The data structure 400 includes an electronic identifier 401, one ormore areas of interest 402, and feigned confidential information 403. Insome embodiments, the data structure 400 may also include one or morepolicies 404. Each of these will now be discussed in turn.

The electronic identifier 401 represents a clone of a principal. Anagent uses the electronic identifier 401 and other information toauthenticate to services over the network as if it were the principal.That is, when the agent performs network actions or transactions itassumes and uses the electronic identifier 401 that makes it appear toeavesdroppers to be the principal.

The areas of interest 402 are metadata formed as one or more othersub-data structures, which are associated with the electronic identifier401 of the clone. Examples of such sub-data structures and areas ofinterest 402 were provided above with respect to the methods 100 and 200of the FIGS. 1 and 2 and with respect to the cloned identity system 300of the FIG. 3. The agent reads, processes, and updates the areas ofinterest 402 when managing the data structure 400.

In an embodiment, the areas of interest 402 may be initially derived orformed in an automated manner by the agent when the agent is providedlegitimate areas of interest for the principal or when the agent is ableto automatically derive legitimate areas of interest for the principal.In other embodiments, the areas of interest 402 may be manuallyconfigured by a principal. In still other situations, the areas ofinterest 402 may be partially automatically populated to the datastructure 400 by the agent and manually modified or overridden by theprincipal. Under still more circumstances, the agent may add, modify, orotherwise augment the areas of interest 402 dynamically as the agentprocesses of the network in response to actions taken and resultsanalyzed by the agent. The areas of interest 402 are dynamic andevolving and controlled or under the supervision of the agent.

The feigned confidential information 403 provides additional identifiersthat the agent may use while processing over the network as the clone soas to convince eavesdroppers that the clone is legitimate or is in factthe principal. The confidential information 403 is feigned in the sensethat it belongs to the clone and not to the principal. Thus, theconfidential information may be associated with real resources (e.g.,phones, email accounts, postal mail accounts, etc.) but it is not reallyassociated with the principal as it purports to be. In some cases, someof the feigned confidential information 403 may not be feigned at all soas to make the subterfuge of the clone appear to be more legitimate.Examples of such situations were provided above with the methods 100 and200 of the FIGS. 1 and 2 and with cloned identity system 300 of the FIG.3.

According to an embodiment, the data structure 400 may also include oneor more policies 404. The policies 404 prevent the agent from processingundesirable actions on behalf of the clone, which may be associated withundesirable content. Additionally, policies 404 may restrict when and ifthe agent is active on the network so as to prevent detection of theclone by eavesdroppers.

It is now understood how techniques may be used to pollute electronicprofiling of principals over a network. This circumvents the reliabilityand usefulness of dataveillance used by network eavesdroppers andeffectively provides greater privacy over the network to principals.

The above description is illustrative, and not restrictive. Many otherembodiments will be apparent to those of skill in the art upon reviewingthe above description. The scope of embodiments should therefore bedetermined with reference to the appended claims, along with the fullscope of equivalents to which such claims are entitled.

The Abstract is provided to comply with 37. C.F.R. §1.72(b) and willallow the reader to quickly ascertain the nature and gist of thetechnical disclosure. It is submitted with the understanding that itwill not be used to interpret or limit the scope or meaning of theclaims.

In the foregoing description of the embodiments, various features aregrouped together in a single embodiment for the purpose of streamliningthe disclosure. This method of disclosure is not to be interpreted asreflecting that the claimed embodiments have more features than areexpressly recited in each claim. Rather, as the following claimsreflect, inventive subject matter lies in less than all features of asingle disclosed embodiment. Thus the following claims are herebyincorporated into the Description of the Embodiments, with each claimstanding on its own as a separate exemplary embodiment.

1. A computer-implemented method to process on a device, comprising:cloning, on the device, an identity associated with a principal to forma cloned identity, the identity of the principal representing a truepersona of the principal and the cloned identity a separate identitythat is used to act as the principal over a network; assigning, by thedevice, areas of interest to the cloned identity; automaticallyprocessing, by the device, actions associated with the areas of interestfor the cloned identity over the network, the cloned identityauthenticated to services over the network as being the principal, theareas of interests are intentionally defined to be divergent to trueinterests of the principal, the true interests for the principal areautomatically derived by analyzing an Internet browser history, browsercache, and cookies for the principal and the divergent interests areresolved accounting for the automatically derived true interests,network eavesdroppers performing dataveillance receive pollutedinformation based on the divergent areas of interests assigned to theclone, and assigning some information to the cloned identity thatcorresponds to life statistics of the principal; refraining, by thedevice, from performing any of the actions when the principal isdetected as being logged onto the network; and stopping, by the device,any processing of the actions when it is unlikely that the principal islogged into the network.
 2. The method of claim 1, wherein assigningfurther includes associating others of the areas of interest asconsistent areas of interest which are associated with the principal. 3.The method of claim 1 further comprising, identifying, by the device,undesirable interests and constraining the processing of the actions ifassociated with the undesirable interests.
 4. The method of claim 1,wherein cloning further includes assigning feigned confidentialinformation to the cloned identity.
 5. The method of claim 1, whereincloning further includes assigning at least one of an email account, afunding source account, a phone number, and a postal account to thecloned identity.
 6. The method of claim 1, wherein automaticallyprocessing further includes automatically performing at least one ofsearching the network, selecting search results from the searchingassociated with at least one of the areas of interest, activating banneradvertisements in World-Wide Web (WWW) browser pages, engaging inon-line chat conversations, reading documents, activating hypertextlinks embedded within the read documents, registering for a service,taking on-line surveys, reading and sending email, and purchasing agoods or services over the network.
 7. The method of claim 6, whereinautomatically performing further includes using Eliza automatedtechniques to perform the engaging in the on-line chat conversations. 8.The method of claim 1, wherein automatically processing further includesprocessing the actions of the cloned identity on a different device ordifferent environment from that which is used to process differentactions associated with the principal.
 9. A computer-implemented methodto process on a device, comprising: accessing, by the device, divergentareas of interest associated with a cloned identity for a principal, thedivergent areas of interest are intentionally assigned to diverge withtrue areas of interest for the principal, the cloned identity a separateidentity that is used to act as the principal over a network, theprincipal maintaining a separate true persona from the cloned identity,and assigning some information to the cloned identity that correspondsto life statistics of the principal; selecting, by the device, aparticular divergent area of interest; automatically performing, by thedevice, one or more actions over a network as the cloned identity, theone or more actions relate to the particular divergent area of interest,and authenticating the cloned identity to services over the network asbeing the principal, and not performing the one or more actions oncertain dates and times as instructed by the principal; refraining, bythe device, from performing any of the one or more actions when theprincipal is logged into the network; stopping, by the device,performance of the one or more actions when the principal is unlikely tobe logged into the network; and periodically re-processing, by thedevice, the method for a different divergent area of interest.
 10. Themethod of claim 9 further comprising, adding, by the device, newdivergent areas of interest to the divergent areas of interest inresponse to performing the one or more actions.
 11. The method of claim9 further comprising, removing, by the device, selective ones of thedivergent areas of interest.
 12. The method of claim 9, furthercomprising denying, by the device, the performing for a number of theone or more actions that are associated with policies, which areidentified as being associated with undesirable content.
 13. The methodof claim 9, further comprising suspending or halting, by the device, theperforming if the principal is detected as being active on the network.14. The method of claim 9, wherein accessing further includes acquiringfake confidential information to use with performing the one or moreactions.
 15. The method of claim 9, wherein performing further includesrandomly taking a number of subsequent actions in response to resultsassociated with performing the one or more actions.